From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5C4A41382C5 for ; Wed, 4 Apr 2018 23:55:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6B134E0AEC; Wed, 4 Apr 2018 23:55:30 +0000 (UTC) Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DCE1CE0AB2 for ; Wed, 4 Apr 2018 23:55:29 +0000 (UTC) Received: by mail-wm0-x22d.google.com with SMTP id x4so1708261wmh.5 for ; Wed, 04 Apr 2018 16:55:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=0p7UwrrhbNpJfHFhBNZfVsh6557u0yOW9gfH83Uny9M=; b=BbVTUE8TOTP/wbT3Mn8cURuOIMcdc/N2V9P9G2ElsafMBX5XmAG/GLQvDBpDrpgao0 XEW5khfSeNbQhUEphSHhMBZtTr5LGfpc4+0XC9wcvbEQYGbJ8Jn4jyfMSN3ptUcXHxpt syXEwE8Sqf6lhvOBDiuYrMYcG/+U7nqF26csJf7RcfgP9kabhC/Z7DwITrDC8eOJdCWB frKAsQYEJh4+SCZND3xtW44sUdfmmMVWTAiTdetVeMkjocThd05vMYDoGM3yfdvOF7ns v1Pfu3uwZXgPcbM7E9S6SH5QM0juIPyJz1hemws+bcho3gm1VIKiaz0xcsdPkEA/FpVc +zfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=0p7UwrrhbNpJfHFhBNZfVsh6557u0yOW9gfH83Uny9M=; b=jO89qdkU18cZyK+Da2xg+5ujH9qeMUip9ZHcD1TopJ/W0jKY8BeuRkB76hx3A4H3TW +AA+9mZ2LONGiAM3GLVX5SMbXTJ0FEOdxrqtzDl9dQM2Lua8u4usULrnc6xFfA7R0q+4 nLPxTQCPqkwjUp3CSSQpnE4f/logRbxmvWAncn0m8eBQSZcGy1dFKBHKCq6FAa1AndoG XjV+iK3m1rZzUTLeSrbclhY4YKZ/ekbylmzsvv8t/58M6FD0PzTKNi/z/7RmsEoQJSE/ GmmgjV/vmE15F159VAODQ7U4UkpaIIAljZjTd1QE33mSPRZK5qERQX58IUo/84byHO7Q wtxw== X-Gm-Message-State: ALQs6tAqUii7WD1s53xe4yXgtbBhmw5ALV8DEj3I+VmCzJcar08sQbxw xVDZEy8nKIhYf5u/9mMCQC2kBO+2iBLjlSR/WmmOKA== X-Google-Smtp-Source: AIpwx48LJ7aynUDgJcFJPydovbCGsbQxdE2jau9K8E/Vrrj87aZR/qjZIY4+E1584RekGxFIA1r8fqg/kzxAoT1RnJk= X-Received: by 10.46.111.8 with SMTP id k8mr12149307ljc.112.1522886128118; Wed, 04 Apr 2018 16:55:28 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.46.18.71 with HTTP; Wed, 4 Apr 2018 16:55:27 -0700 (PDT) In-Reply-To: References: From: R0b0t1 Date: Wed, 4 Apr 2018 18:55:27 -0500 Message-ID: Subject: Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux? To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: b008ce97-d4f5-4137-9933-30cdc24638c5 X-Archives-Hash: 2207016a0e3e0ec5905181da34b0fddf On Wed, Apr 4, 2018 at 3:18 PM, gevisz wrote: > A friend of mine asked me to recommend him an open-source > VPN-server for Linux but unfortunately I never used one. > If not https://www.wireguard.com/, I recommend OpenVPN. You could try to set up IPsec if you wanted. > After some googling, I have found OpenVPN but do not know > if it is the best choice that suits his purposes, namely to access > local network that does not have its own fixed IP from the outside. > > To be more precise: the local network to be accessed to from the > outside is part of another local network. The latter (outer) network > has its own fixed IP but the former (inner) network gets its IP via DHCP. > So, it is impossible to connect to a computer in the inner network > from the outside directly. > > The computer in local network to be connected runs Windows. > The said friend of mine have tried to run some VPN server from > Windows but it somehow hangs the "inner" computer when > his "outer" computer has problems connecting to the Internet. > > So, now his idea is > 1) to run a virtual machine in the "inner" (Windows) computer, > 2) to install into this virtual machine very lightweight Linux server > only to run in it a VPN-server that should help him to connect > from the outside to the "inner" host (Windows) computer, which > has its fixed IP within the inner local network. > I'm not sure this makes sense. Firstly, in the case of OpenVPN at least, there is a Windows client and associated signed fake network device drivers. Perhaps if using Wireguard you might want to connect through a VM to your VPN; I am not sure if there is a Windows client. Secondly - you need the VPN server to be running on a computer which is globally accessible. If your friend is in the US or some parts of Europe their home line may not be behind NAT, and would work if set up properly. In general most networks you connect to will not work. You will always need one computer which is not behind NAT. Cheers, R0b0t1